Canada Computers Data Breach May Have Exposed Customers’ Payment Details

Canada Computers & Electronics — a major Canadian tech retailer headquartered in Richmond Hill, Ontario — has confirmed a data breach involving its online store that may have exposed personal and financial information from customers who made purchases through its website. The retailer acknowledged the issue in a notification to customers, though critics say details remain vague and many shoppers are concerned about the scope of the compromise.

The suspected breach was discovered in mid-January when a security researcher noticed malicious code on the Canada Computers checkout page that appeared to be collecting credit card details. This type of malware — commonly known as a “card skimmer” script — can quietly capture information such as card numbers, expiry dates, CVV codes and billing addresses when customers enter them during checkout. Experts warn that these attacks can go unnoticed for weeks or longer if not detected and removed swiftly.

Multiple customers and online community discussions indicate that some shoppers may have already experienced fraudulent transactions on their credit cards after shopping on the site, raising fears the compromise could have affected a significant number of users. Some say they received no direct communication about the breach until public reports surfaced, triggering criticism of how the company handled the situation and its transparency with affected users.

In its advisory, Canada Computers said the breach “may have exposed certain personal information for a portion of our online customers,” but did not provide a clear timeline for how long the issue persisted, how many people were affected, or exactly what information was stolen. The company has urged customers who used the online store recently to monitor their bank statements and consider cancelling compromised cards as a precaution.

Cybersecurity specialists emphasise that online retailers must detect and mitigate web skimming attacks quickly, as these threats exploit vulnerabilities in website code and can siphon data without alerting site operators. Canada, like many other countries, continues to grapple with a rising number of cyber threats targeting businesses of all sizes, from small enterprises to large corporations.

Affected customers are also encouraged to check with their banks for fraud protection services and to report any unusual charges immediately. Meanwhile, privacy and consumer advocacy groups note that companies have legal obligations under Canada’s privacy laws — such as the Personal Information Protection and Electronic Documents Act (PIPEDA) — to notify individuals and regulators when a breach creates a real risk of significant harm.